S5: Governance

Question 1

What is governance?

Answer 1

The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

Question 2

What is risk management?

Answer 2

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organizations objectives.

Question 3

What is control?

Answer 3

Any action taken by management, the board, or other parties to manage risk and increase the likelihood that established objectives and goals will be achieved.

Question 4

What are the Boards responsibilities for GRC?

Answer 4

1. Strategic direction
2. Governance oversight

Question 5

What is Senior Management’s responsibility for GRC?

Answer 5

Senior management must execute the organizations strategy and governance on a day to day basis. They also provide direct leadership over risk management and control processes, but they delegate specifics to a risk committee who becime risk managers.

Question 6

What are the 6 principles of the Three Lines of defense?

Answer 6

1. Governance
   2.giverning body roles
2. Management first and second line roles
3. Third line roles
4. Third line independence
5. Creating and protecting value

Question 7

Different roles in the 3 lines model

Answer 7

1. First line role has the risk owner role
2. Second line role has the risk control and compliance role
3. Third line role has the risk assurance role.

Question 8

External assurance providers provide additional assurance to:

Answer 8

1. Satisfy legal and regulatory expectations that serve to protect the interests of stakeholders
2. Satisfy requests by management and the governing body to complement internal sources of assurance

Question 9

External assurance providers are more effective in GRC when:

Answer 9

1. Their activities are carefully coordinated to avoid duplication of effort
2. The internal audit activity addresses gaps in their coverage due to their specialized focus areas

Question 10

What is the kings report?

Answer 10

It addresses the role and function of internal auditing as well as specific reporting requirements.

Question 11

Compliance based approach to internal audit

Answer 11

Assesses compliance with existing procedures and processes without an evaluation of whether or not the procedure or process is an adequate control.

Question 12

Risk based approach to internal audit

Answer 12

Allows internal audit to determine whether controls are effective in managing the risks which arise from the strategic direction that a company through its board has decided to adopt

Question 13

What is IT Governance?

Answer 13

The leadership, structure, and oversight processes thst ensure the organizations IT supports the objectives and strategies of the organization

Question 14

What are the 5 framework areas in the IIA Izt governance framework?

Answer 14

1. Strategic alignment
2. Risk management
3. Value delivery
4. Performance measurement
5. Resource management

Question 15

What is compliance?

Answer 15

Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements